@ -114,8 +114,6 @@ In order to setup a tunnel on both ends, we need to configure certificates to wa
it is also possible to clients to share a certificate. When adding a certificate from the user manager the CN is automatically
set to its name. In this example we will only authenticate using the certificate, no additional user or password will be required.
.. Note::
In order for the redirect-gateway option to work, a manual NAT outbound rule must be created.
.....................
Static keys
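Review bot: the sentence under ``.. Note::`` in this hunk ("In order for the redirect-gateway option to work, a manual NAT outbound rule must be created.") is the same instruction that Note 4 carries further down, so the page should end up with only one copy of it. The hunk header (8 lines down to 6) suggests that is the intent; please confirm nothing else was dropped with it. While this paragraph is open, the context line "it is also possible to clients to share a certificate" should read "for clients".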
@ -148,6 +146,7 @@ TLS static key choose the prepared static key
Authentication Local Database :sup:`2`
Strict User/CN Matching [V] :sup:`3`
Local Network 192.168.8.0/24
Redirect gateway Leave empty :sup:`4`
======================= =======================================
.. admonition:: Note :sup:`1`
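Review bot: in the "Redirect gateway" row, "Leave empty" does not say what an empty value means for routing, so the reader has to jump to Note 4 to learn that the alternative is :code:`default`. Suggest a short phrase in Note 4 stating that with the field empty only the Local Network (192.168.8.0/24 in this example) is sent over the tunnel, if that is the behaviour. Also check that the row lines up with the ``=======================`` column border so the simple table still parses.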
@ -165,6 +164,10 @@ Local Network 192.168.8.0/24
Selecting the "Strict User/CN Matching" option warrants only matching user/certificate can login, when sharing a single
vertificate between clients this option needs to be deselected.
.. admonition:: Note :sup:`4`
If you want all outgoing IP traffic to be redirected over the VPN, you can set the option to :code:`default`.
For this to work, a manual NAT outbound rule must be created.
Next go to :menuselection:`Firewall --> Rules --> WAN` and add a rule to allow traffic on port :code:`1194/UDP` from the other
host. At minimum we should add a rule similar to this one:
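Review bot: Note 4 ends with "a manual NAT outbound rule must be created" without saying where to create it or what it should match. Suggest giving the :menuselection: path the way the WAN rule sentence just below does, and naming the source network and interface the rule applies to, since :code:`default` sends all outgoing client traffic through this host. Also in this hunk, in the Strict User/CN Matching note, "vertificate" should be "certificate", and "warrants only matching user/certificate can login" reads better as "ensures that only a matching user and certificate can log in".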